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Abstract. In this paper, we explain how the connection between higher- 
order model-checking and linear logic recently exhibited by the authors 
leads to a new and conceptually enlightening proof of the selection prob¬ 
lem originally established by Carayol and Serre using collapsible push¬ 
down automata. The main idea is to start from an infinitary and colored 
relational semantics of the A Y -calculus already formulated, and to re¬ 
place it by its finitary counterpart based on finite prime-algebraic lattices. 
Given a higher-order recursion scheme Q, the finiteness of its interpreta¬ 
tion in the model enables us to associate to any MSO formula a new 
higher-order recursion scheme resolving the selection problem. 
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1 Introduction 

Higher-order recursion schemes (HORS) provide an abstract model of compu¬ 
tation which appears to be perfectly adapted for the task of model-checking 
functional programs. Indeed, Knapik, Niwinski and Urzyczyn established in [7] 
that for n > 1, the trees generated by order-n safe recursion schemes are exactly 
those that are generated by order-n pushdown automata, and further, that they 
have decidable MSO theories. The MSO-decidability result for safe HORS was 
then extended a few years later to all HORS by Ong [^. However, the MSO- 
decidability theorem established by the four authors focuses on the decidability 
of a “local” model-checking problem: 

Suppose given a HORS G which generates an infinite tree (Q). Is it 
possible to decide for every MSO-formula (p whether the formula is valid 
at the root of the infinite tree ((/). 

The MSO-decidability result means that the answer to this question is positive. 
A more difficult “global” model-checking problem called the selection problem 
in literature is to understand whether: 

Given a HORS G and a MSO-formula 3A ip[X] holding at the root of 
the infinite tree {G)^ is it possible to compute a HORS Gip generating a 
marked version {G^p) of the original tree {G): and such that the set of its 
marked nodes is a witness U satisfying the MSO-formula p[X]. 
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Quite strikingly, Carayol and Serre established in a recent paper [5] that the 
answer to this question is positive. They also noticed that the selection problem 
follows from a purely automata-theoretic property of HORS, which was estab¬ 
lished by Haddad in his PhD thesis [6]: 

Given a HORS Q and an alternating parity tree automaton A with the 
same ranked alphabet, for every state q of the automaton A accepted 
by the tree {Q), it is possible to compute a HORS Qq generating an 
accepting run-tree {Qq) of the automaton A on the tree {Q) with initial 
state q. 

Of course, the run-tree {Qq) generated by the HORS Qq provides a witness of the 
fact that the state q is accepting. But not only that: thanks to the equivalence 
between MSO-formulas and alternating parity tree automata, the fact that the 
HORS Qq selects a specific run-tree {Qq) among all the run-trees with initial 
state q provides a solution to the “selection problem”. The idea is simply to 
extract from the run-tree {Qq) a specific witness X for the MSO-formula BX ^flX] 
satisfied by the tree {Q). 

In this article, we will show how to establish the existence of such a “higher- 
order recursive” run-tree {Qq) from purely denotational arguments, based on a 
new and fundamental connection with linear logic developed by the authors in 
a series of recent papers SEl- In these papers, an infinitary and colored vari¬ 
ant of the traditional semantics of linear logic is constructed, see [4] for details, 
and shown to compute in a compositional way the set of accepting states of 
an alternating parity tree automaton, see [S] for details. Despite the concep¬ 
tual clarification this approach provides to higher-order model-checking, this 
semantic account does not lead to any decidability result. The reason is that the 
relational semantics of linear logic is a quantitative semantics, where finite types 
are interpreted as infinitary objects. In order to establish decidability results, 
one thus needs to shift to quantitative semantics where the interpretation of fi¬ 
nite types remains finite. This is precisely the purpose of the present paper: by 
shifting from the relational semantics developed in m to the qualitative seman¬ 
tics of linear logic provided by prime-algebraic lattices, we are able to establish 
advanced decidability results like the theorem just mentioned by Carayol, Had¬ 
dad and Serre. This is the first time, to our knowledge, that such a strong and 
natural connection between model-checking and the most contemporary tools of 
semantics (linear logic, relational semantics) is exhibited. 


Plan of the paper. We start by recalling in (21 the notion of higher-order 
recursion scheme and its correspondence with the AH-calculus. We then recall 
in the notion of alternating parity tree automaton. In (jU we introduce a 
finitary colored semantics of the AH-calculus, which we use in S}5]to interpret A- 
terms. We define a parameterized fixpoint in this model in )j6l obtaining colored 
semantics of the AT-calculus. In iJTl we use the finiteness of the model to prove 
the decidability of the local model-checking and of the selection problem. We 
finally conclude in (JS) 
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2 Higher-order recursion schemes and the Al^-calcnlus 

Higher-order recursion schemes. The set of simple types of the A-calculus is 
generated by the grammar cr, r ::= o | cr —>■ r. We write t :: a when a (possibly 
open) A-term t has simple type a. Given a ranked alphabet E, a finite set of 
variables V, a finite set of simply-typed non-terminals TV, and a distinguished 
non-terminal S € Af, a higher-order recursion scheme (HORS) is the data, for 
every non-terminal F S TV, of a closed simply-typed A-term 

Tl{F) = \xi... .Xxn-t (1) 

of same type as the non-terminal F G TV, with constants in AT, where Xi &V and 
t :: o is a A-term of ground type without A-abstractions. Note that an element 
a G AT of arity n is represented as a constant of type o ^ ^ o ^ o with same 

arity n. For each non-terminal F e TV, the data provided by 'R.{F) is equivalently 
represented as a rewrite rule 

F t\ ... tji ‘^Q t\^X'i i ti]. 

Every higher-order recursion scheme Q generates a potentially infinite AT-labelled 
ranked tree noted {Q) and called its value tree. This tree is simply obtained by 
applying an infinite number of times and in a fair way the rewrite rules of 
the HORS Q starting from the start symbol S £ Af. 

Example 1. Given AT = { if : 2, data : 1, Nil : 0}, consider the HORS Q 
fS = LNil 

( L = \x. if a: ( L ( data a; ) ) ^ 

which abstracts a simple program whose function Main (abbreviated as S) calls 
a function Listen (denoted L), starting from an empty list. Depending on a 
side condition unknown to the user or abstracted by the model-checker, Listen 
either returns a stack of data, or receives a new element and pushes it on the 
current stack. The value tree {Q) of this scheme, depicted in Figure [I] provides 
an abstraction of the set of potential executions of the program. Note that even 
though the program Main is very simple, its execution tree {Q) is not regular, 
since it admits an infinite number of different subtrees. This justifies from a 
practical point of view to study how traditional model-checking techniques could 
be adapted to the HORS Q. 

A-calculus with recursion. It is well-known among the specialists of the A- 
calculus that higher-order recursion schemes can be nicely represented as simply- 
typed A-terms in a A-calculus extended with a fixpoint operator Y. The resulting 
AF-calculus is thus defined by adding to the simply-typed A-calculus, a fixpoint 
operator of type a ^ a together with a rewriting rule 

Y^M M{Y„M) 

for every simple type a. 

Proposition 1. For every HORS Q of ranked alphabet AT, there exists a closed 
XY-term t :: o with constants in AT, such that the XY-term t converges to the 
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(if, 90 ) 


(if, qi) 


(if, qo) (if, <?i) (data, qi) (if, go) 
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Fig. 1 : An order- 1 value tree. 


Fig. 2 : An APT run-tree. 


value-tree {Q) in the traditional sense of Bohm trees in the XY-calculus. Con¬ 
versely, there exists for every closed XY-term two with constants in Y a HORS 
Q of same ranked alphabet Y, such that the XY-term t converges to (Q). 

An important benefit of this equivalence property is that the XY -calculus is very 
well understood from the semantic point of view, and thus somewhat simpler to 
study mathematically speaking than higher-order recursion schemes. 


3 MSO and alternating parity tree automata 

As explained in the introduction, there is a beautiful correspondence between 
the formulas of monadic second-order logic (MSO) and alternating parity tree 
automata, which we briefly recall here for the sake of completeness. 

Proposition 2. For every ranked alphabet Y, one has the following equivalence: 

— Every MSO formula ip over Y-labelled trees can he translated to an APT 
A^p of same ranked alphabet Y, such that ip holds at the root of a Y-labelled 
tree T iff Ap has an accepting run-tree over T from its initial state go ■ 

— Conversely, every APT A of ranked alphabet Y can be translated to a MSO 
formula p_A of same ranked alphabet, such that for every Y-labelled tree T, 
A has an accepting run-tree over T from its initial state go if and only if the 
MSO-formula p_A holds at the root of T. 

Recall that alternating parity tree automata (APT) are non-deterministic top- 
down tree automata with the additional ability to duplicate or to erase subtrees. 
Typical transitions are thus of the form 

^('i'o.if) = (2,(7 o) A (2,gi) (5(gi, if) = (1, gi) A (2, go) (3) 

When a node labelled with if is visited in state go, its left subtree is “dropped” or 
“erased” while the right one is “explored twice” or “duplicated”, with go as initial 
state in one copy, and gi as initial state in the other copy. The second transition 
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does not use alternation, and would be usually written as {qi, ±f, qi, qo) & A 
in a nondeterministic tree automaton. Run-trees of an alternating parity tree 
automaton are unranked, and their shape may differ a lot from the original tree. 
The effect of the transitions Q over the tree of Figure [T] is depicted in Figure 
[2] In general, a transition is of the shape 

a) = \J l\ {dij, qij) = y (pi (4) 

iei jeJi iei 

where the union stands for non-determinism, and the conjunction for alternation: 
after i is chosen, for every j G Ji, the automaton runs with state qij over a copy 
of its subtree in direction dij. For every i, we say that ipi is a conjunctive clause 
of the formula S{q,a). 

Seen from an automata-theoretic point of view, monadic second-order (MSO) 
logic is equivalent to the modal /r-calculus. As such it enables one to express 
safety properties (typically, that a given state “error” is never encountered) as 
well as liveness properties (typically, that a given state “happy” is visited in¬ 
finitely often). The safety properties are inductive: it is enough to check that 
no finite approximation of a computation enters an error state, while the live¬ 
ness properties are coinductive, since they specify infinitary behaviors. More¬ 
over, MSO logic and the modal /r-calculus are sufficiently expressive to alternate 
these inductive and coinductive specifications. This alternation is handled by 
extending APT with a parity condition over their run-trees. Alternating parity 
automata are thus equipped with a coloring function 17 : Q —^ N, which as¬ 
sociates a color to each state q of the automaton. This coloring of the states 
q € Q oi the automaton induces a coloring of the nodes of its run-trees, in the 
expected way. Following the principles of parity games, an infinite branch of such 
a run-tree is declared winning when the greatest color occurring infinitely often 
in it is even. A run-tree of the automaton is then accepted precisely when all its 
infinite branches are winning. In the sequel, we find convenient to consider the 
set Col = f2{Q) l±) {e} of colors appearing in the alternating parity automaton 
A under study. The extra color e is added as a neutral color, in order to reflect 
the comonadic nature of colors, as we will explain in the later 21 The following 
definition will also be useful in the sequel, in order to connect the alternating 
parity automaton A and the finitary semantics of linear logic: 

Definition 1. Given a state q G Q and a n-ary constructor a € S, we say that 
a n-tuple a G {'Pfin(Col x Q))" satisfies the formula 6{q,a) when a is of the 
form 

Q: — ( { (ciq, Qlii) I il G Ix\ , . . . , { (Cnz,i, Qnin) I ^ dijij ) 

and there exists a n-tuple of subsets Ji Q Ii, ■ ■ ■, Jn C 1^ such that 

n 

A A J 

k=i jk&Jk 

defines a conjunctive clause of the formula 6{q,a), and such that moreover 
VA: G -[I,..., u) Vj G Ac c/cj — 


( 5 ) 
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In other words, a is a n-tuple of sets {(ci^, qu^) | ik C Ik} of states annotated 
with colors, each of them corresponding to one of the n subtrees below the sym¬ 
bol a. Moreover, each such set should contain a subset {(I?(giij,), qu^) \ ik C Jk} 
of appropriately colored states, such that @ defines a conjunctive clause of the 
formula 6{q,a). The general idea is that the n-tuple is allowed to contain more 
colored states than what is stricly required for the transition S{q,a) to be per¬ 
formed by the alternating parity automaton A. This definition will be crucial 
in the construction of the finitary semantics which, we will see, is based on 
downward-closed sets and subtyping. 


4 The Scott semantics of linear logic 

Here, we adapt the infinitary and colored relational semantics of linear logic 
formulated in [415] to the finitary Scott semantics, where formulas of linear logic 
are interpreted as partial orders. The semantics of linear logic is qualitative in 
the technical sense that its exponential modality ! is interpreted using the finite 
powerset construction, which transports finite sets into finite sets, in contrast 
to the finite multiset construction used in the traditional and quantitative rela¬ 
tional semantics. The terminology of Scott semantics comes from the fact that 
in the derived semantics of the simply-typed A-calculus, every type is inter¬ 
preted as a prime algebraic complete lattice, and every simply-typed A-term as 
a Scott-continuous function. So, let ScottL denote the category with preorders 
A = ( A, <A) as objects and downward-closed binary relations R C A x B 
as morphisms {A, <a) {B, <b)- Here, by a downward-closed relation, we 

mean a binary relation R such that for all a,a' G A and b,b' C B, one has : 

(a, b) G R and a <a a' and b' <b b {a', b') G R. 

The binary relation R is thus downward closed in the partial order (A, <a)°^ x 
{B, <b) interpreting the formula (A, <^) -o {B, <b) in the Scott semantics. The 
intuition guiding this property is that if a binary relation R interpreting a proof 
of linear logic can produce an output b from an input a, then the same binary 
relation can also produce a less informative output b' from a more informative 
input a'. It is well-known in the literature on linear logic that this “saturation 
property” is essential in order to obtain a relational semantics of linear logic 
with a qualitative (that is, based on finite sets instead of finite multisets) in¬ 
terpretation of the exponential modality. This remark is generally attributed 
to Ehrhard, see [8] for details. The composition in ScottL is relational, since 
relational composition preserves the property of being downward-closed. The 
identity morphism over (A, <a) is 

idA = { (a) I a a' } 

ScottL is a compact closed category with products, with 


(A, <a) 0 (B, <s) = {AxB,<ax<b) 
{A, <a) {B, <b) = (A W H, <A W <s ) 

(A, <A )■*■ = (A, >A ) 


1 = (W,=) 

T = (0,0) 
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The exponential modality 

I : A 1 -^ lA : ScottL — > ScottL 

is then defined by associating to the ordered set {A, <a) the set Vfin{A) of finite 
subsets of A, where two finite subsets u and v are ordered in the following way: 

u <!A V -4=^ Va G u, 3b G V, u <a v. 

Recall that the endofunctor ! is transports every morphism R : A ^ B oi the 
category ScottL to the following morphism: 

\ R = {{u, v) g\Ax\B I Wb G V 3a G u {a, b) G R} : \A^\B 

The endofunctor ! is in fact a comonad and defines a Seely category, and thus 
a model of full propositional linear logic, based on the category ScottL, see for 
instance m- 


The coloring comonad. As we have shown in |4I5) . the treatment of colors by 
alternating parity automata follows essentially the same comonadic principles 
as the treatment of copies in linear logic. This connection between higher-order 
model checking and linear logic leads to a coloring comonad □ on the relational 
semantics of linear logic, which we adapt here to the qualitative Scott semantics. 

To that purpose, we fix a finite set of colors Col containing a neutral element e, 
and consider the coloring function Q -G Col which associates a color to ev¬ 
ery state of a parity tree automaton A, see the previous discussion in ^31 The 
modality □ is then defined in the following way for an ordered set (A, <^) and 
a morphism R : (A, <^) (R, <b)'- 

D(A,<a) = (A, <^ )&••• &(A, <^) 

= ({(f, a) I i G Col, a G A}, <nA ) 

(i, a) Di? (j, b) iff i = j and aRb 

where (f, a) <nA (j, o') iff i = j and a <a a'. The comonadic structure of □ is 
provided by the following structural morphisms 

dig^ = {((max(ci,C 2 ),a),(ci,(c 2 ,a'))) I a'<A a} : DA ^ DDA 

derA = {((e, a),a') | a' <a a} : OA A 

mA,B = {ll{i,a),{i,b)),{{i,{a',b')))) \ a' <A a, b' <B b} : DAiS)OB ^ D{Ai^ B) 

mi = { (*, (c, *)) I c G Col } : 1 —S- □ 1 

As we did in the case of the relational semantics [415] . we define a distributive 
law A : ! o □ □ o ! between the comonads ! and □ defined as the natural 

transformation: 

= {({(cj, a^)} , (c, {oi})) |Vi3j c = Cj and a* <A a' } :!nA^-n!A 

The existence of such a distributive law A enables us to equip the composite 
functor i = ! o □ with a comonadic structure. It appears moreover that this 
colored exponential functor ^ satisfies the axioms of a Seely category, and thus 
defines a model of full propositional linear logic. We denote by ScottL^ its 
Kleisli category. 
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5 A finitary interpretation of the simply-typed A-calculus 

In order to simplify the discussion, we suppose given an alternating parity tree A 
over a signature U, with set of states Q and with transition function S. As a 
Kleisli category associated to a model of linear logic, the category ScottL^ is 
cartesian closed and thus a model of the simply-typed A-calculus. The simple 
types are interpreted inductively as 

[cr^r] = i[crl^[Tl and [o] = JL = (Q, =) 

The interpretation of the simply-typed A-terms is standard, except for the in¬ 
terpretation of the elements of the ranked alphabet U, seen as here constants of 
the simply-typed A-calculus, which are interpreted as follows: 

|a]^ = {{a^q) \ q & Q and a satisfies the formula 5{q, a) } 

As explained in in the case of the quantitative relational semantics of linear 
logic, this interpretation of the elements of E corresponds to a Church encod¬ 
ing of the alternating parity automaton A, encoded in the present case in the 
qualitative Scott semantics of linear logic. 

Example 2. Recall the two transitions ([3|) introduced as running example in ij3j 
^{qoAi) = (2,9o) A (2,(7i) S{qi,±i) = (1, 9i) A (2, go) 

Setting Ci = El{qi), these transitions imply that 

(ui, U2, go) e {iflA and (ui, V2, gi) G [i/ 1 ^ 
for every finite sets ui, ^ 2 , fi , ^2 G i IL = Vfin {Col x Q) satisfying moreover 
that {(co, go), (ci, gi)} C U2, that (ci, gi) G vi and that (co, go) G V2- 

Using these interpretations in ScottL of the elements of the ranked alphabet E, 
we construct the interpretation 

(r \- t :: tJa C (^|cri](8)---(g)i|CT„]) ^ [r] 
of any A-term t of type t in a context of typed variables E, with constants in 
the ranked alphabet E. An alternative way to describe this interpretation is to 
express it as an intersection type system with subtyping, in the style of Coppo, 
Dezani, Honsell and Longo [3] and more recently Terui m in the framework of 
linear logic. In this formulation, sequents are of the following form 

E — X\ . Ui_ .. u” , ..., X'fi . Uyj .. rTyj I t . cx .. x 

where ut G i[crij and a G |r]. The typing rules are presented in Figure 21 
with the subtyping relation <a defined inductively in Figure [31 Note that the 
coloring Dc T of a context is defined inductively as 

Oc {x : u :: a, r) = x : Eic u :: cr, Dc F 
□c{(ci,ai)} = {(max(c, Ci), tti) } 

Proposition 3. The sequent 

T — X']^ . "^1 ^1; * ■ * ; ■ '^n ■* ^ ^ ^ *■ ^ 
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g <_iL g 


V (c, a) e « 3 (c, P) € V a <a P 


V <iA u a <B P 


U <iA V U->-a <iA^B V->■ P 

Fig. 3 : Inference rules for the preorders associated with simple types. 


Ax 


q a Q and a satisfies S{q,a) 


r, X : u a h M : a :: t 


3 (e, a') £u a <[^| a' 

X \ u w (j \- X : a w a % a a ^ q w a F Ax. M :it—^-accr—>-r 

To h M : { (ci, Pi), {cn, Pn) } ->■ a :: cr r Fi \- N : Pi :: a (for all i) 


App 


To U Dci A U • ■ • U h M N : a :: T 


Fig. 4: Type-theoretic computation of denotations in ScottL^ 


is provable in this intersection type system if and only if 

(ui, u„, a) e |r h t :: t]^ C ( i [cti ] 0 • • • (8> i [cr„ ] ) ^ |t] 

6 The recursion operator Y 

At this stage, we are ready to shift from the colored semantics of the simply- 
typed A-calculus formulated in Sj5]to a colored semantics of the simply-typed \Y- 
calculus. To that purpose, we construct a Conway operator Y in the category 
FinScottL defined as the full subcategory of ScottL consisting of the finite 
ordered sets. Note that FinScottL defines a Seely category, and thus a model 
of full propositional linear logic. The Conway operator Y is defined a family of 
operations Yx,a transporting a binary downward-closed relation 

R : iX^iA^A 
into a binary downward-closed relation 

Yx,a{R) ■■ iX^A 

and satisfying a series of conditions originally stated by Bloom and Esik [1] 
in cartesian closed categories, and adapted in [4] to the particular framework 
of Seely categories. Note that, such a Conway operator on FinScottL dehnes a 
Conway operator in the sense of [T] in the cartesian-closed category FinScottL^ . 
Just as in the case of the relational semantics, see [3] for details, the important 
point here is that the colors added to the original Scott semantics will enable 
us to alternate least and greatest fixpoints (and thus inductive and coinductive 
reasoning) in the definition of the fixpoint operator Y, using the appropriate 
parity condition. 

Semantic run-trees. Given a relation R : f^X® ^A ^ A and a G A, we define 
the set comp(i?, a) of semantic run-trees of R producing a G A as the set of 
possibly infinite {X ttl A)-labelled trees, with nodes colored by elements of Col, 
and such that the four conditions below are satisfied: 

1. the root of the tree is labelled by a, and has neutral color e. 
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2. the inner nodes of the tree are labelled by elements of the set A, 

3. the leaves are labelled by elements of the set X [t) A, 

4. for every node labelled by an element b € A: 

— if 5 is an inner node, letting oi, • • • ,an denote the labels of its children 
belonging to A and xi, - ■ ■ , Xm the labels belonging to X : 


b 



Xi • • • X'fji Cli • • • CLyi 


and letting a (resp. dj) be the color of the node labelled Xi (resp. aj), 

^ 1 ) 5 *** 5 (Cm; Xjji )}, , (^dn , Un)} jb') ^ R 

— if 5 is a leaf, then (0, 0, b) S R. 

At this point, we adapt to semantic run-trees the usual acceptance condition on 
the run-trees of an alternating parity automata: an infinite branch of the seman¬ 
tic run-tree is winning if and only if an element of Col \ {e} occurs infinitely 
often along it, and if the maximal such element is even. A semantic run-tree is 
declared winning if and only if all its infinite branches are. 

Given a semantic run-tree witness, we define the set leaves (witness) Q iX as the 
set of elements (c, x) where (c', x) is a leaf of witness labelled with x G X, and c 
is the maximal color encountered on the path from the leaf to the root or witness. 

Fixpoint operator. We now define the fixpoint of a binary relation 

R : iX®iA^ A 
as the downward-closed binary relation 

Yx.a {R) = { {u, a) I 3witness € comp(i?, a) with u = leaves (witness) , . 

and witness is a winning semantic run-tree. } ^ 

Proposition 4. The fixpoint operator Y is a Conway operator over FinScottL. 
Consequently, its Kleisli category FinScottL^ is a model of the XY-calculus. 

As in IJHl we find useful and even illuminating to formulate a type-theoretic 
counterpart to our definition of the Conway operator Yx,a provided by the 
following typing rule IG which should be added to the original type system of 
Figure [4] : 

. Fq I- M : { (ci, fix), ..., {Cn, j3n) } ^ Q :: cr -» g F,, G Y^ M -. :: a 

Fo U Dci A U ■ • • U □e„ Fn h Y,, M : a :: a 

In the resulting intersection type system, derivations of infinite depth are allowed, 
and have colored nodes, defined as follows: 

— for every occurrence of the rule Yo-, we assign color Ci to the node F^ h 
Y,M : fi, :: a. 

— all the other nodes are assigned the neutral color e. 
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An infinite derivation tree is then accepted as a proof of the system when all 
its branches are winning, in the same sense as for the branches of a semantic 
run-tree. 

Theorem 1. Given a XY-term t, the sequent 

r — * Ui_ .. U”r, • ■ - , ■* ^ i ■ Ct .. T 

has a winning derivation tree in the type system with fixpoints iff 

{ui, Un, a) e |r h t w t\_a C (i |cri](8)---(8>i[cr„]) ^ [tJ 

At this point, we take advantage of the correspondence recalled in Proposition[T] 
between higher-order recursion schemes (HORS) on the ranked alphabet A, and 
closed AT-terms with constants in the same alphabet E. Indeed, the correspon¬ 
dence enables ns to justify the following typing rule for HORS : 

Fq, F : { (ci, fi), . ■., (c„, Pn) } O' b Ti{F) : a :: a Gj \- F : /dj :: a (Vi) 
To U Dci A U • • • U b F : a :: a 

which provides a direct mean to type the HORS Q in the intersection type 
system, in such a way as to reflect its interpretation |t/J^ C Q in the Scott 
semantics. 

7 Finitary semantics solve the selection problem 

The first theorem of the section establishes a perfect correspondence between 
our finitary interpretation of the higher-order recursion scheme G in the 

Scott semantics, and the set of accepting states of the automaton A : 

Theorem 2. An alternating parity tree automaton A has an accepting run-tree 
with initial state go over the value tree {G) of a higher-order recursion scheme G 
if and only if go € 

By Theorem [U checking whether go G is equivalent to checking whether 
there exists a derivation of the sequent 0 h S' : go " o in the colored intersection 
type system defined in §S] Since the interpretation of simple types in FinScottL 
is finite, only finitely many intersection types and contexts may occur in such 
a derivation. Hence, searching for a derivation of the sequent 0 h S : go - o 
reduces in this case to solving a finite parity game whose nodes are precisely the 
sequents of the derivation tree. This has the following immediate consequence: 

Corollary 1. The local model-checking problem is decidable. 

Recall moreover that the existence of a winning strategy in a finite parity 
game implies that there exists a memoryless winning strategy. In this setting, 
winning strategies correspond to winning derivation trees of the intersection 
type system, and memoryless strategies correspond to derivation trees admit¬ 
ting a finite representation using backtracking pointers. From such a finite rep¬ 
resentation TT, one can define a higher-order recursion scheme Gq on a ranked 



12 


Charles Grellois, Paul-Andre Mellies 


alphabet obtained from S by annotating every terminal a with elements 
of its interpretation |a]^. The HORS Qq has a non-terminal Fa{o) for every 
occurrence o of the non-terminal F in the finite representation tt of the deriva¬ 
tion tree, where a is the intersection type of the occurrence o of T’ in tt. Each 
occurrence o of a non-terminal F then induces a rewrite rule Fa{o) —>- 5 , term{o) 
where term{o) is an annotated version of the A-term TZ{F) coming from the 
original scheme Q. The annotation of term{o) is obtained by annotating the 
non-terminals and the terminals of 'R.{F) with the intersection types occurring 
in the finite representation tt of the derivation tree. This defines a higher-order 
recursion scheme Qq, which generates a run-tree (Qq) of the alternating parity 
tree automaton A over (Q). As a consequence: 

Theorem 3. The selection problem is decidable. 

8 Conclusions and perspectives 

In this paper, we explain how to apply our semantic approach to higher-order 
mo del-checking based on linear logic, in order to establish the decidability of 
local mo del-checking and of the selection problem. Our approach provides a 
rigorous and compositional approach to higher-order mo del-checking, and adapts 
to the inductive-coinductive framework of MSO logic a nice and well-established 
connection between linear logic, Scott domains, and intersection types. Future 
work includes a detailed comparison with a similar line of work on finite models 
of the A Y -calculus currently developed by Salvati and Walukiewicz uni- 
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